| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACT4Y+a4CdMZ-Fj4asPQjN+d57A5eQCwnxN5Rui+eKPZx2y5wQ@mail.gmail.com>
Date: Mon, 17 Oct 2016 10:59:47 +0200
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Alexander Potapenko <glider@...gle.com>,
kasan-dev <kasan-dev@...glegroups.com>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] kasan: support panic_on_warn
On Mon, Oct 17, 2016 at 10:39 AM, Andrey Ryabinin
<aryabinin@...tuozzo.com> wrote:
>
>
> On 10/17/2016 11:18 AM, Dmitry Vyukov wrote:
>> On Mon, Oct 17, 2016 at 10:13 AM, Andrey Ryabinin
>> <aryabinin@...tuozzo.com> wrote:
>>>
>>>
>>> On 10/14/2016 08:10 PM, Dmitry Vyukov wrote:
>>>> If user sets panic_on_warn, he wants kernel to panic if there is
>>>> anything barely wrong with the kernel. KASAN-detected errors
>>>> are definitely not less benign than an arbitrary kernel WARNING.
>>>>
>>>> Panic after KASAN errors if panic_on_warn is set.
>>>>
>>>> We use this for continuous fuzzing where we want kernel to stop
>>>> and reboot on any error.
>>>>
>>>> Signed-off-by: Dmitry Vyukov <dvyukov@...gle.com>
>>>> Cc: kasan-dev@...glegroups.com
>>>> Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
>>>> Cc: Alexander Potapenko <glider@...gle.com>
>>>> Cc: Andrew Morton <akpm@...ux-foundation.org>
>>>> Cc: linux-mm@...ck.org
>>>> Cc: linux-kernel@...r.kernel.org
>>>> ---
>>>> mm/kasan/report.c | 4 ++++
>>>> 1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
>>>> index 24c1211..ca0bd48 100644
>>>> --- a/mm/kasan/report.c
>>>> +++ b/mm/kasan/report.c
>>>> @@ -133,6 +133,10 @@ static void kasan_end_report(unsigned long *flags)
>>>> pr_err("==================================================================\n");
>>>> add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
>>>> spin_unlock_irqrestore(&report_lock, *flags);
>>>> + if (panic_on_warn) {
>>>> + panic_on_warn = 0;
>>>
>>> Why we need to reset panic_on_warn?
>>> I assume this was copied from __warn(). AFAIU in __warn() this protects from recursion:
>>> __warn() -> painc() ->__warn() -> panic() -> ...
>>> which is possible if WARN_ON() triggered in panic().
>>> But KASAN is protected from such recursion via kasan_disable_current().
>>
>> But we have recursion into panic via kasan->panic->warning->panic.
>
> We do, like almost every other panic() call in the kernel. But at least it's finite.
> So, if finite recursion is a problem for panic() it should be fixed in panic(), rather then on every panic() call site.
I misunderstood the comment in warning code:
502 /*
503 * This thread may hit another WARN() in the panic path.
504 * Resetting this prevents additional WARN() from
panicking the
505 * system on this thread. Other threads are blocked by the
506 * panic_mutex in panic().
507 */
I interpreted it as recursion into panic will cause a deadlock due to
recursive mutex acquisition.
But the mutex is a custom CAS that supports recursion on the same CPU.
136 this_cpu = raw_smp_processor_id();
137 old_cpu = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID, this_cpu);
138
139 if (old_cpu != PANIC_CPU_INVALID && old_cpu != this_cpu)
140 panic_smp_self_stop();
Mailed v2.
Thanks!
>>
>>>> + panic("panic_on_warn set ...\n");
>>>> + }
>>>> kasan_enable_current();
>>>> }
Powered by blists - more mailing lists